Friday, December 13, 2019

Bills Introduced – 12-12-19

Yesterday with both the House and Senate in session there were 55 bills introduced. Of those three may receive additional coverage in this blog:

S 3033 A bill to establish a K-12 education cybersecurity initiative, and for other purposes. Sen. Peters, Gary C. [D-MI]

S 3040 A bill to amend the Higher Education Act of 1965 to include teacher preparation for computer science in elementary and secondary education. Sen. Rosen, Jacky [D-NV] 

S 3045 A bill to amend the Homeland Security Act of 2002 to protect United States critical infrastructure by ensuring that the Cybersecurity and Infrastructure Security Agency has the legal tools it needs to notify private and public sector entities put at risk by cybersecurity vulnerabilities in the networks and systems that control critical assets of the United States. Sen. Johnson, Ron [R-WI]

Cybersecurity Education

Actually, I doubt that S 3033 and S 3040 will contain language specifically including control system security processes in the required curriculum. That would normally mean that I would not cover these bills here. So I will take this opportunity to get a screed about K-12 education out of my system.

Students are in the K-12 education environment for 13 years for something like 9 months out of the year. A typical school day (minus extracurricular activities) last six to eight hours. In that brief time students are exposed to the basic knowledge necessary for participation in our society. Back in the dark ages when I went to school that consisted of reading, writing, arithmetic, foreign language, history and the arts with a smattering of physical education. Each year the components of those basics became more complex, building on the previous knowledge gained. And the school day was rather full.

Whenever we add new curriculum to that base, decisions have to be made about where the time for teaching the new material will be added. We could increase the number of hours at school, but that would cut into extracurricular activities and besides students can only be expected to take so much time sitting around learning. The alternative it to reduce the time it takes to teach the other subjects or to remove some of those subjects.

It would seem to me that anytime we legislatively attempt to expand the required knowledge base we must also determine where the time will come from to add that instruction. Unfortunately, congresscritters are notorious for adding program requirements without adding resources to effect those requirements. Just let the affected managers make the hard decisions. That way the complaints will be focused on them not congresscritters.

CISA Subpoenas

S 3045 has been in the works for a while now. I have not yet seen the bill, but press accounts (see here for instance) make this seem like a good idea. It would apparently give CISA that power to issue subpoenas to Telecoms to require them to provide contact information for internet addresses where CISA has identified a critical infrastructure vulnerability. That would allow CISA to contact the vulnerable party and work with them to mitigate the vulnerability. Motherhood and Apple Pie, who can object to that? Of course, the devil is in the details.

No comments:

/* Use this with templates/template-twocol.html */